package com.lute.controller;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.springframework.security.oauth2.common.json.JSONArray;
import org.springframework.security.oauth2.common.json.JSONException;
import org.springframework.security.oauth2.common.json.JSONObject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;

import com.lute.model.User;
import com.lute.model.UserAccountState;
import com.lute.model.UserEntitlement;
import com.lute.utils.ServerErrorResponse;

@Controller
public class UserLockAccountServlet {
	
	@RequestMapping (value="/lockAccount",method= RequestMethod.POST, headers = "Content-type=application/json")
	public @ResponseBody String lockAccount(@RequestBody String dataJSON, HttpServletRequest request) throws JSONException {
		String result = "";
		String userId;
		Boolean lock;
		JSONObject jsonReq;
		JSONObject jsonRes = new JSONObject();
		
		HttpSession session = request.getSession(false);
		if(session == null) {
			jsonRes.put("result", ServerErrorResponse.USER_NOT_LOGGED_IN.toString());
			result = jsonRes.toString();
			return result;
		}
		
		try {
			jsonReq = new JSONObject(dataJSON);
			userId = jsonReq.getString("userId");
			lock = jsonReq.getBoolean("lock");
		} catch(JSONException e) {
			jsonRes.put("result", ServerErrorResponse.MALFORMED_REQUEST.toString());
			result = jsonRes.toString();
			return result;
		}
		
		/* check if json data was not malformed */
		if((jsonReq.isNull("userId") && (jsonReq.isNull("lock")))) {
			jsonRes.put("result",ServerErrorResponse.MALFORMED_REQUEST.toString());
			result = jsonRes.toString();
			return result;
		}
		
		String role = (String)session.getAttribute("role");
		
		/* check  authorization */
		if(!((role.equals("clientAdmin")) || (role.equals("admin")))) {
			jsonRes.put("result", ServerErrorResponse.USER_NOT_ENTITLED.toString());
			result = jsonRes.toString();
			System.out.println(result);
			return result;
		}
		
		User user = User.getUserFromDB("id_user", Integer.parseInt(userId));
		
		if(user == null) {
			jsonRes.put("result", ServerErrorResponse.UNKNOWN_USER.toString());
			result = jsonRes.toString();
			return result;
		}
		
		try {
			
			boolean isUserPrivileged = UserEntitlement.checkPrivilegeToAccountLock(role, user);
			if(isUserPrivileged) {
				if(lock)user.setAccountLocked(UserAccountState.LOCKED.toString());
				else user.setAccountLocked(UserAccountState.ACTIVE.toString());
				User.updateUserInDB(user);
			} else {
				jsonRes.put("result", ServerErrorResponse.USER_NOT_ENTITLED.toString());
				result = jsonRes.toString();
				return result;
			}
		}catch(NullPointerException npe) {
			jsonRes.put("result", ServerErrorResponse.INTERNAL_ERROR.toString());
			result = jsonRes.toString();
			return result;
		}
		
		jsonRes.put("result","OK");
		result = jsonRes.toString();
		return result;
	}
}